| de4dot | 0ce27f8a2d | Print some info about the encrypted native methods | 2011-11-25 15:33:13 +01:00 |
| de4dot | 51892f62a2 | Re-encrypt native methods | 2011-11-25 15:24:12 +01:00 |
| de4dot | 07f0376b45 | Add methods to encrypt resource data, and set new data | 2011-11-25 15:21:29 +01:00 |
| de4dot | 900ec1bf07 | Add code to dump DNR native methods to a file | 2011-11-25 15:16:50 +01:00 |
| de4dot | b259991415 | Some fixes: - Remove empty class only if methods are inlined - Don't add .cctor methods to possibly-inlined-methods list | 2011-11-24 23:58:42 +01:00 |
| de4dot | 0516e4540d | Remove calls to empty class | 2011-11-24 10:44:01 +01:00 |
| de4dot | eee2c509be | Make sure decrypter type is removed | 2011-11-24 10:10:39 +01:00 |
| de4dot | 17660c225e | Update decrypter detection code | 2011-11-24 10:08:29 +01:00 |
| de4dot | 73d1316b2d | Add a new random name regex | 2011-11-24 07:57:31 +01:00 |
| de4dot | 3bfb2e7dc7 | Update DNR detection | 2011-11-24 07:49:50 +01:00 |
| de4dot | 0c4abcc039 | Update detection of possibly inlined methods | 2011-11-24 06:48:23 +01:00 |
| de4dot | 4a65770c59 | Check each part of the namespace instead of all of it at once | 2011-11-23 11:50:34 +01:00 |
| de4dot | 397f5f5b5b | Update DNR valid-name-check code | 2011-11-23 05:28:57 +01:00 |
| de4dot | e9e0588cb6 | Use Utils.StartsWith() since mono's impl is buggy | 2011-11-17 04:22:12 +01:00 |
| de4dot | c62ca29df5 | Update code for DNR 4.3+ obfuscated assemblies | 2011-11-12 16:04:51 +01:00 |
| de4dot | b80024bbc5 | Find the method in a nested class (DNR 4.3+) | 2011-11-12 15:22:17 +01:00 |
| de4dot | 07826f133e | Update names since it's anti strong name code | 2011-11-12 15:15:47 +01:00 |
| de4dot | 7df264d59c | Remove tamper detection code | 2011-11-12 13:31:08 +01:00 |
| de4dot | 4b335f9489 | Add a TypeLong property | 2011-11-12 11:31:07 +01:00 |
| de4dot | 76825d3a9b | Encrypted resources aren't always using the public key token | 2011-11-12 11:19:10 +01:00 |
| de4dot | 0318c85a07 | Convert 'return some_int' native methods to CIL code | 2011-11-11 20:55:39 +01:00 |
| de4dot | fb4128cbfb | Update a few strings | 2011-11-10 14:48:33 +01:00 |
| de4dot | ff3b1b0ecc | Rename random names | 2011-11-10 00:47:22 +01:00 |
| de4dot | c562c335e8 | Add option to remove namespace if there's only one class in it | 2011-11-09 12:08:48 +01:00 |
| de4dot | ca232b521a | Update regex | 2011-11-08 22:11:19 +01:00 |
| de4dot | c6bdd51573 | Rename --dr-dump-embedded -> --dr-embedded | 2011-11-08 21:43:57 +01:00 |
| de4dot | 22739f5cd9 | Remove decrypter type (all refs to it should be gone now) | 2011-11-08 21:27:03 +01:00 |
| de4dot | 3bfb100fd5 | Add resource decrypter | 2011-11-08 19:32:10 +01:00 |
| de4dot | 0f627d728c | Use new FieldTypes code | 2011-11-08 19:27:27 +01:00 |
| de4dot | 6d1cca149a | Only check static methods | 2011-11-08 11:36:09 +01:00 |
| de4dot | c381423c48 | Remove metadata token obfuscator type | 2011-11-08 10:39:35 +01:00 |
| de4dot | 4e8f8a295b | Remove assembly resolver type only if we're inlining methods | 2011-11-08 10:37:39 +01:00 |
| de4dot | 8c91b56cb5 | Save embedded assemblies to disk | 2011-11-08 10:27:18 +01:00 |
| de4dot | 045e6ecf73 | Use better property names | 2011-11-06 15:24:30 +01:00 |
| de4dot | d60ab64c25 | Move code to read module data to DeobUtils.cs | 2011-11-06 13:46:50 +01:00 |
| de4dot | a0509d2735 | Use the new lookup() method | 2011-11-06 12:18:35 +01:00 |
| de4dot | e01e3c4e7f | Update valid name regex | 2011-11-04 11:01:21 +01:00 |
| de4dot | 4ce90dbfc0 | Only print "found native code" warning once | 2011-11-04 07:37:33 +01:00 |
| de4dot | 37f12ba60f | Some small updates | 2011-11-04 07:21:12 +01:00 |
| de4dot | e1715adb48 | Update default regex | 2011-11-04 00:35:07 +01:00 |
| de4dot | a2ecd85044 | Deobfuscator type is now 2 chars | 2011-11-03 20:03:32 +01:00 |
| de4dot | c177c2ff42 | Don't print message since the code is now much faster | 2011-11-02 02:39:53 +01:00 |
| de4dot | 6a07ee5b5e | It's generic code so move it to common parent dir | 2011-11-01 18:48:52 +01:00 |
| de4dot | 7bdea53134 | Check op for null and update detection code | 2011-11-01 18:47:26 +01:00 |
| de4dot | 6f4447aa98 | It's generic code so move it to common parent dir | 2011-11-01 18:46:59 +01:00 |
| de4dot | c354ded987 | Add code to restore ldtoken instructions | 2011-11-01 15:17:26 +01:00 |
| de4dot | 5170e62e21 | Add code to remove inlined methods and option to disable it | 2011-11-01 14:23:30 +01:00 |
| de4dot | ed625e256d | Restore field types and add option to disable it | 2011-10-31 19:41:38 +01:00 |
| de4dot | 6b04c23036 | Update decrypter and version detecter code | 2011-10-31 00:09:38 +01:00 |
| de4dot | 35005a1a51 | getStringDecrypterMethods() now adds all string decrypter methods | 2011-10-30 19:28:13 +01:00 |
| de4dot | 0ddbe16349 | Update DNR version number detection code | 2011-10-30 06:15:52 +01:00 |
| de4dot | 2ede24598d | Detect DNR version | 2011-10-29 20:28:29 +02:00 |
| de4dot | efe98949b1 | Minor updates | 2011-10-29 20:26:59 +02:00 |
| de4dot | 37a64f77f2 | Index should be set to instruction before we broke out of the loop | 2011-10-29 20:25:41 +02:00 |
| de4dot | b57c93eae4 | Update DNR methods decrypter code | 2011-10-29 03:39:32 +02:00 |
| de4dot | 040410d7ce | Methods decrypter method could be null | 2011-10-29 03:39:08 +02:00 |
| de4dot | def4072bc5 | Move array finder code to a new ArrayFinder class | 2011-10-29 03:38:09 +02:00 |
| de4dot | 0a8d772c22 | Decrypt methods sent to the JITter | 2011-10-29 02:27:34 +02:00 |
| de4dot | c4d6ba9ae9 | Some minor updates | 2011-10-29 02:25:31 +02:00 |
| de4dot | 89f90d3e75 | Make sure publicKeyToken.Length > 0 | 2011-10-28 01:44:15 +02:00 |
| de4dot | 699ac4378d | Support older string decrypter method and detect older methods decrypter | 2011-10-28 01:33:05 +02:00 |
| de4dot | 09178a6e95 | Update methods decrypter and string decrypter | 2011-10-27 22:25:44 +02:00 |
| de4dot | 5357b4f73c | Update code to handle 4.1 obfuscated assemblies | 2011-10-27 02:08:30 +02:00 |
| de4dot | 93d4ac1c9d | Update type name | 2011-10-27 02:07:33 +02:00 |
| de4dot | 41356b2d30 | Check for methods with no body | 2011-10-27 02:07:06 +02:00 |
| de4dot | ceca5718ba | Remove encrypted resources and call to methods decrypter | 2011-10-26 23:00:01 +02:00 |
| de4dot | dfb73f222f | Add options to disable decryption of methods and bools | 2011-10-26 22:24:31 +02:00 |
| de4dot | 63ab61fb12 | Deobfuscate cflow again if a bool was decrypted | 2011-10-26 22:16:51 +02:00 |
| de4dot | db7edc2a72 | Add BoolValueInliner class | 2011-10-26 21:05:35 +02:00 |
| de4dot | e4f2af221a | Add BooleanDecrypter class | 2011-10-26 20:23:45 +02:00 |
| de4dot | f37a46a02b | Decrypt strings | 2011-10-26 19:49:25 +02:00 |
| de4dot | 6bde8b8b20 | Decrypt some DNR 4.0 non-native obfuscated assemblies | 2011-10-26 14:40:55 +02:00 |
| de4dot | bfa0fa14c0 | Add decrypt methods to IDeobfuscator. Change some method sigs. | 2011-10-26 14:29:12 +02:00 |
| de4dot | 685c5ba79c | Add code to detect methods decrypter method | 2011-10-25 08:27:36 +02:00 |
| de4dot | cb5589ee28 | Add skeleton DNR file | 2011-10-24 19:44:49 +02:00 |